Session key: can it be abused?

[LoyceV]

If someone gets access to someone else's session key (on Bitcointalk SMF), can that be abused? I've tried to do something with it in a private window, but get this:

Session verification failed. Please try logging out and back in again, and then try again.

Is this enough to assume there's no risk in leaking a session key, or did I overlook something?

[1714838874]

1714838874

[1714838874]

1714838874

[1714838874]

1714838874

[theymos]

If someone has your session key, they can try CSRF attacks against you until the key expires. You should keep it secret.

[morvillz7z]

Hmm, I also got that same exact error at least half a dozen times today trying to edit some of my messages or to quote someone. I recall this being the first time i encounter "Session verification failed". I can also see it being reported multiple times over the years.

Should i be concerned about it and is there anything i can do?

[TECSHARE]

Hmm, I also got that same exact error at least half a dozen times today trying to edit some of my messages or to quote someone. I recall this being the first time i encounter "Session verification failed". I can also see it being reported multiple times over the years.

Should i be concerned about it and is there anything i can do?

This is a normal event if you leave a tab open for a long time. No action is needed, just reload the page (from a direct link not a refresh).

[LoyceV]

You should keep it secret.

Thanks, that's what I thought. I just found out I've been sharing LoyceBot's session keys since April.

I disabled this scraper, then logged out and logged in again. I think I'm good now.

I'll lock this thread soon.